From 5e2a3190f4e1254f15ce7f3b3063cf029b270da2 Mon Sep 17 00:00:00 2001
From: ts
Date: Fri, 2 Nov 2018 09:54:59 +0000
Subject: [PATCH] MetaCTF: Added scaffolding files, optionally strip the Ch01_, 00_angr_, etc from binary names. No longer gives challenger sudo (oops!)
---
.../manifests/install_setgid_binary.pp | 28 ++++++-----------
.../unix/ctf/metactf/manifests/configure.pp | 31 +++++++++++++++++--
.../unix/ctf/metactf/secgen_metadata.xml | 5 +++
.../ctf_challenge_examples/metactf.xml | 13 +++++++-
4 files changed, 54 insertions(+), 23 deletions(-)
diff --git a/modules/build/puppet/secgen_functions/manifests/install_setgid_binary.pp b/modules/build/puppet/secgen_functions/manifests/install_setgid_binary.pp
index 822ae5121..286b9c441 100644
--- a/modules/build/puppet/secgen_functions/manifests/install_setgid_binary.pp
+++ b/modules/build/puppet/secgen_functions/manifests/install_setgid_binary.pp
@@ -23,11 +23,15 @@ define secgen_functions::install_setgid_binary ( ensure_resource('parameterised_accounts::account', "parameterised_$username", { "username" => $account['username'], "password" => $account['password'], - "super_user" => $account['super_user'], + "super_user" => str2bool($account['super_user']), "strings_to_leak" => $account['strings_to_leak'], "leaked_filenames" => $account['leaked_filenames'], }) - $storage_directory = "/home/$username" + if $storage_dir { + $storage_directory = $storage_dir + } else { + $storage_directory = "/home/$username" + } $challenge_directory = "$storage_directory/$challenge_name" $modules_source = "puppet:///modules/$source_module_name"
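Review bot: `$storage_dir` in the new `if $storage_dir {` branch decides where the setgid binary and its flag are installed, but nothing visible declares or validates it; the define's parameter list is outside the hunk. If it is a new parameter it should default to `undef` and be checked before use, for example `validate_absolute_path($storage_dir)` as the first line inside the `if`, so a relative or malformed value from scenario XML cannot redirect a root-managed directory. The `str2bool($account['super_user'])` line deserves a why-comment, since this is the sudo fix named in the subject: `# super_user arrives as a string from the scenario XML; the string "false" is truthy in Puppet, so convert before passing it on`. It is also worth confirming how `str2bool` behaves when the `super_user` key is absent, because a missing key should fail or default to no sudo rather than fall through.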
@@ -47,17 +51,9 @@ define secgen_functions::install_setgid_binary ( ensure_resource('group', $group, { 'ensure' => 'present' }) - exec { "add $username $group membership": - unless => "/bin/grep -q \"$group\\S*$username\" /etc/group", - command => "/usr/sbin/usermod -aG $group $username", - require => [Group[$group], Parameterised_accounts::Account["parameterised_$username"]] - } - # Create challenge directory - ::secgen_functions::create_directory { "create_$challenge_directory": - path => $challenge_directory, - notify => File["$challenge_directory/$challenge_name"], - } + ensure_resource('file', $storage_directory, { 'ensure' => 'directory'}) + ensure_resource('file', $challenge_directory, { 'ensure' => 'directory'}) # Move the compiled binary into the challenge directory file { "$challenge_directory/$challenge_name":
@@ -66,6 +62,7 @@ define secgen_functions::install_setgid_binary ( group => $group, mode => '2771', source => $bin_path, + require => File[$challenge_directory] } # Drop the flag file on the box and set permissions
@@ -78,13 +75,6 @@ define secgen_functions::install_setgid_binary ( mode => '0440', leaked_from => "$source_module_name/$challenge_name", require => [Group[$group], File["$challenge_directory/$challenge_name"]], - # notify => Exec["remove_$compile_directory"], } - # TODO: Remove compile directory (may not be necessary, try reboot stretch vms + see if /tmp is cleared (or just remove $outer_bin_path if the variable exists). - # exec { "remove_$compile_directory": - # command => "/bin/rm -rf $compile_directory", - # require => [File["$challenge_directory/$challenge_name"]] - # }
- } diff --git a/modules/utilities/unix/ctf/metactf/manifests/configure.pp b/modules/utilities/unix/ctf/metactf/manifests/configure.pp
index 05066bc66..7d47231dc 100644
--- a/modules/utilities/unix/ctf/metactf/manifests/configure.pp
+++ b/modules/utilities/unix/ctf/metactf/manifests/configure.pp
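Review bot: The two `ensure_resource('file', ..., { 'ensure' => 'directory'})` lines added in the `@@ -47,17 +51,9 @@` hunk of install_setgid_binary.pp create the storage and challenge directories with no `owner`, `group` or `mode`, so their permissions come from Puppet's defaults instead of being stated. These directories hold a setgid binary and a group-readable flag, and directory permissions decide who may add, rename or replace entries, so at least the challenge directory should pin them, e.g. `ensure_resource('file', $challenge_directory, { 'ensure' => 'directory', 'owner' => 'root', 'group' => 'root', 'mode' => '0755' })`, with the values confirmed against the intended challenge layout. `ensure_resource` only deduplicates when the parameters match, so if another module already manages `/home/$username` with different attributes this will presumably raise a duplicate declaration. The body of the define continues outside the hunk.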
@@ -4,6 +4,7 @@ class metactf::configure { $challenge_list = $secgen_params['challenge_list'] $flags = $secgen_params['flags'] $groups = $secgen_params['groups'] + $include_chapters = str2bool($secgen_params['include_chapters'][0]) $include_scaffolding = str2bool($secgen_params['include_scaffolding'][0]) $raw_account = $secgen_params['account'][0] 
@@ -35,25 +36,49 @@ class metactf::configure { $challenge_name = $split_challenge[1] $binary_path = "$install_dir/$metactf_challenge_category/obj/secgen/$metactf_challenge_type/$challenge_name" - # TODO - Determine the path to the scaffold file + stick it in the challenge directory. Set permission read writable for all (0666). + if !$include_chapters { + $split_challenge_name = split($challenge_name,'_') + $chapterless_name_arr = $split_challenge_name[2,-1] + if $chapterless_name_arr.size > 1 { + $target_challenge_name = join($chapterless_name_arr, '_') + } else { + $target_challenge_name = $chapterless_name_arr[0] + } + } else { + $target_challenge_name = $challenge_name + } + if $include_scaffolding { - # Add scaffolding file $challenge_number = split($challenge_name, '_')[0] $scaffold_filename = "scaffold$challenge_number.py" + $scaffold_path = "$install_dir/$metactf_challenge_category/$challenge_name/$scaffold_filename" + + file { "create-$challenge_name-$scaffold_filename": + path => "$storage_dir/$challenge_name/$scaffold_filename", + ensure => file, + source => $scaffold_path, + } } } else { $challenge_outer_dir = $split_challenge[1] $challenge_name = $split_challenge[2] $binary_path = "$install_dir/$metactf_challenge_category/$challenge_outer_dir/$challenge_name/obj/secgen/$challenge_name" + + if !$include_chapters { + $split_challenge_name = split($challenge_name,'_') + $target_challenge_name = $split_challenge_name[-1] + } else { + $target_challenge_name = $challenge_name + } } $group = $groups[$counter] ::secgen_functions::install_setgid_binary { "metactf_$challenge_name": source_module_name => $module_name, - challenge_name => $challenge_name, + challenge_name => $target_challenge_name, group => $group, account => $account, flag => $flag,
diff --git a/modules/utilities/unix/ctf/metactf/secgen_metadata.xml b/modules/utilities/unix/ctf/metactf/secgen_metadata.xml
index c4f7642a9..dd7e4eb38 100644
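Review bot: The scaffold `file` resource in the `@@ -35,25 +36,49 @@` hunk of configure.pp writes to `"$storage_dir/$challenge_name/$scaffold_filename"`, while the binary is now installed under `$target_challenge_name`, so with `include_chapters` false the scaffold targets a directory that nothing visible here creates; the path should be `path => "$storage_dir/$target_challenge_name/$scaffold_filename",`. The resource also sets no `owner`, `group` or `mode`, although the TODO it replaces named a mode for the scaffold, so the intended permissions should be stated rather than inherited. In the stripping logic, a name with fewer than three `_`-separated parts leaves `$split_challenge_name[2,-1]` empty and `$target_challenge_name` undefined. In the outer `else` branch, `$split_challenge_name[-1]` keeps only the last token, so two challenges ending in the same token would share one directory and flag path. A guard that falls back to `$challenge_name` when the stripped name is empty would cover the first case. `$storage_dir` is not defined inside this hunk and the class body continues outside it.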
--- a/modules/utilities/unix/ctf/metactf/secgen_metadata.xml
+++ b/modules/utilities/unix/ctf/metactf/secgen_metadata.xml
@@ -21,6 +21,7 @@ flags groups account + include_chapters include_scaffolding
@@ -44,6 +45,10 @@ challenge03 + + false + + true
diff --git a/scenarios/examples/ctf_challenge_examples/metactf.xml b/scenarios/examples/ctf_challenge_examples/metactf.xml
index 26b19a152..8e47a7140 100644
--- a/scenarios/examples/ctf_challenge_examples/metactf.xml
+++ b/scenarios/examples/ctf_challenge_examples/metactf.xml
@@ -8,7 +8,7 @@ metactf - +
@@ -33,15 +33,26 @@ challenge01 challenge02 challenge03 + challenge04 + challenge05 + + account + + true + + + true + +